Cybercriminals who traffic in user data could face serious jail time

Shares

A new cybersecurity report from MPs has made a number of stringent recommendations, including a series of escalating fines for companies who spill customer details as a result of data breaches.

The report from the Culture, Media and Sport Select Committee was initiated due to the major TalkTalk breach last year, although the authors were careful to note that it is intended to address broader cybercrime problems and not just single the service provider out.

Recommendations from MPs include penalising bosses at firms who suffer data breaches, as well as noting that the penalty which can be levied on a company will soon be raised from the present £500,000 maximum fine to €20 million (around £15.5 million, or a maximum 4% of global turnover) with the EU's incoming General Data Protection Regulation.

That's a definitely good thing, the committee said, because the current maximum fine the ICO can impose just isn't enough of a deterrent.

The report noted: "The ICO should introduce a series of escalating fines, based on the lack of attention to threats and vulnerabilities which have led to previous breaches. A data breach facilitated by a 'plain vanilla' SQL attack, for example, or continued vulnerabilities and repeated attacks, could thus trigger a significant fine."

Crackdown on cybercriminals

Furthermore, it's not just businesses who are being clamped down upon, but also cybercriminals themselves – those who hack companies, or otherwise obtain and sell user data, could be jailed for up to two years, the committee recommended.

The MPs also called for a "step change" in terms of making consumers aware of online and telephone scams which are increasingly trying to snare the unwary.

They called for the government to initiate campaigns to raise public awareness of such scams, and also called upon businesses to make it clear to customers how they will contact them – and how customers can verify that any communication is actually from the organisation itself, and not an imposter.